Definition

Exact Data Matching (EDM) is a Symantec DLP detection technique that fingerprints structured data - a customer database, an employee SSN list, an account number table - and detects when those exact records appear anywhere outside their sanctioned location. EDM dramatically reduces false positives compared to regex-based detection (DCM): instead of "any 9-digit number looks like an SSN," EDM matches only the specific SSNs in your fingerprinted database. The original data is hashed before fingerprinting; the underlying PII is never stored in the index. Column profile design (which combinations of fields fire detection) is the operational art of EDM. Common sources: customer rosters, employee directories, account lists, patient registries. Refresh cadence: daily for high-velocity data, weekly for slower-changing. See our EDM/IDM deep-dive.

Symantec products that implement this

  • Symantec Data Loss Prevention - Discover, monitor, and protect sensitive data across endpoints, network, storage, cloud, and email - the most comprehensive enterprise DLP platform on the market.

Related terms

  • DLP (Data Loss Prevention) - Security capability that discovers, monitors, and protects sensitive data across endpoints, networks, storage, cloud, and email.
  • IDM (Indexed Document Matching) - DLP detection technique that fingerprints unstructured documents and detects when copies or substantial portions appear elsewhere.
  • DCM (Described Content Matching) - DLP detection technique using regex patterns, dictionaries, and keywords - fast but high false-positive rate.
  • VML (Vector Machine Learning) - DLP detection technique using trained ML classifiers for categories where rules and fingerprints don't scale.

Deep-dives on EDM